1. Field
This invention relates to blocking and removing malicious software threats from client computers, and more particularly to using the client computer to aid in clearing itself of malicious code: a facility that blocks the client's network access sends an information file to the client, instructing the client computer to perform remedial actions to identify the malicious application.
2. Background
Many active malware applications use numerous websites to host components of the malicious code and applications. They may frequently use sophisticated techniques to avoid detection. Such techniques may typically involve multiple components that are downloaded to the victim client once some rogue code or application is running. The delivery and execution of each component may be required to fully deliver the payload of the particular application. Blocking a request at a gateway to break the infection mechanism has become a critical part of security. Current gateway solutions may deny certain website requests; however, stopping the requests may require user or administrator interaction. Malware operating on a client may be sophisticated enough to make alternate requests if the first request is unsuccessful. For example, malware running on a client may try to download files from five separate websites. If three requests are blocked by conventional technologies at the gateway, two may succeed and the client may be further infected or compromised.
A need exists for improved methods and systems that provide identification and prevention of malware operations.